Bajie » Java Http Server : Security Vulnerabilities, CVEs, CVSS score >= 5
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
Max CVSS
7.5
EPSS Score
0.95%
Published
2001-05-03
Updated
2008-09-05
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
Max CVSS
7.5
EPSS Score
1.04%
Published
2001-05-03
Updated
2008-09-05
The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
Max CVSS
5.0
EPSS Score
0.28%
Published
2000-10-20
Updated
2008-09-05
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
Max CVSS
5.0
EPSS Score
0.27%
Published
2000-10-20
Updated
2017-10-10
4 vulnerabilities found